HjT - my log and

Junior Member
13 May 2007 @ 13:28

edit: oops, the title didn't come through completely. The rest would have been 'and "registry cleaner"'
Hi!
My computer has been acting up a bit lately, so I made an HjT log. Is there anything notable in it?
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 17:24:04, on 13.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fish Tycoon\FishTycoon.exe
C:\Program Files\Fish Tycoon\FishTycoon.RWG
C:\Program Files\Fish Tycoon\ReflexiveArcade\RAW_003.wdt
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Tonttu\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find.fm/?aid=53&sid=99
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find.fm/?aid=53&sid=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB04482 - {26BAFB48-6120-4494-9988-F3A1090CC40B} - C:\PROGRA~1\FINDFM~1\toolbar.dll (file missing)
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {539825C7-49B2-404B-B930-058E06465B9D} - C:\WINDOWS\system32\gebyyxu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA350EB6-6AFE-4BD6-9D6B-F658052133A8} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\sdnaanwa.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsuv.dll,startup
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\rrrbcdxc.dll",realset
O4 - HKLM\..\RunServices: [NetBus Server Pro] C:\Program Files\NetBus Pro\NBSvr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://aquacamera.dyndns.org/RtspVaPgDec.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/Ap...ap/DigWXMSN.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebyyxu - C:\WINDOWS\SYSTEM32\gebyyxu.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I'm curious about those web links. What are they? Should I remove them with HjT? Same for NetBus?
In addition, there is a small icon at the bottom of the screen that keeps whining that there are viruses and tries to download a "Registry cleaner" program, which, surprise, finds a pile of viruses and agrees to remove them as long as you buy the program first. How could I get rid of that?
Thanks :)
This message has been edited since posting. Last edited 13 May 2007 @ 13:29

Auttaja
Suspended permanently
13 May 2007 @ 13:34

Let's start like this
======
Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.
Boot your computer into Safe Mode and select your normal user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* Next, a menu should appear
* Select Safe Mode from the menu.
* Once in Safe Mode, extract the contents of SDFix.zip (SDFix.exe) to the desktop. Double-click the sdfix.exe file that appeared on the desktop. The file unpacks and installs itself to the drive where the operating system is installed, and a folder named SDFix appears in the root, e.g. C:\SDFix
* Open the SDFix folder and double-click RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than usual because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
* Then press any key to close the script and load your desktop icons.
* Finally, open the SDFix folder and copy & paste the contents of Report.txt into your thread
=======
Download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo option.
* When the scan is complete, click the Remove Vundo option.
* You will be asked whether you want to delete the files - click YES.
* Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
* When it is done, the fix announces that it will restart your computer; click OK.
* Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.
Note: It is possible that VundoFix found a file that it could not remove.
In that case, VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears at restart.
======
A new HjT log

Junior Member
13 May 2007 @ 14:33

Thanks a lot, really good instructions! Your username suits you perfectly. :)
Report.txt:
Quote:
SDFix: Version 1.83
Run by Tonttu - su 13.05.2007 - 17:55:43,29
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\NGFJYA.EXE - Deleted
C:\OBUPYWY.EXE - Deleted
C:\108357~1 - Deleted
C:\WINDOWS\Temp\win1C.tmp.exe - Deleted
C:\WINDOWS\Temp\win1E.tmp.exe - Deleted
C:\WINDOWS\Temp\win20.tmp.exe - Deleted
C:\WINDOWS\Temp\win22.tmp.exe - Deleted
C:\WINDOWS\Temp\win27.tmp.exe - Deleted
C:\WINDOWS\Temp\win1C.tmp.exe - Deleted
C:\WINDOWS\Temp\win1E.tmp.exe - Deleted
C:\WINDOWS\Temp\win20.tmp.exe - Deleted
C:\WINDOWS\Temp\win22.tmp.exe - Deleted
C:\WINDOWS\Temp\win27.tmp.exe - Deleted
C:\DOCUME~1\Tonttu\LOCALS~1\Temp\win4D.tmp.exe - Deleted
C:\DOCUME~1\Tonttu\LOCALS~1\Temp\temp.exe - Deleted
C:\WINDOWS\system32\rpcc.exe - Deleted
C:\WINDOWS\system32\tcpipmon.exe - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Rootkit PE386 Found, Use a Rootkit scanner !
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\NetBus Pro\\NBSvr.exe"="C:\\Program Files\\NetBus Pro\\NBSvr.exe:*:Disabled:NBSvr"
"C:\\Program Files\\Steam\\SteamApps\\*******@suomi24.fi\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\*******@suomi24.fi\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\dedicated server\\hlds.exe"="C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\half-life\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Age of Empires 2\\empires2.EXE"="C:\\Program Files\\Age of Empires 2\\empires2.EXE:*:Enabled:Age of Empires II"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Westwood\\RA2\\gamemd.exe"="C:\\Westwood\\RA2\\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"C:\\Program Files\\Steam\\SteamApps\\*****@suomi24.fi\\half-life 2\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\*****@suomi24.fi\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"="C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\half-life blue shift\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\half-life blue shift\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\opposing force\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\*****@luukku.com\\opposing force\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\*****\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\*****\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\*****\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\*****\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Resurssienhallinta"
"C:\\Program Files\\Steam\\SteamApps\\*****\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\*****\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Etätuki - Windows Messenger ja ääniyhteys"
"C:\\DOCUME~1\\Tonttu\\LOCALS~1\\Temp\\win4B.tmp.exe"="C:\\DOCUME~1\\Tonttu\\LOCALS~1\\Temp\\win4B.tmp.exe:*:Enabled:win4B.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Documents and Settings\Tonttu\Local Settings\Application Data\Microsoft\Messenger\toni@arkku.net\Sharing Folders\sanna.rokka@hotmail.com\Thumbs.db
C:\Program Files\Steam\SteamApps\*****@luukku.com\counter-strike\cstrike\radial.cdb
C:\Program Files\Steam\SteamApps\*****@luukku.com\CS\cstrike\models\player\Thumbs.db
C:\WINDOWS\system32\mljji.dll
C:\DCdownloads\SHARED\lala.exe
C:\DCdownloads\SHARED\mirc.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\A386F2B287.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\Temp\18467.tmp.LOG
C:\Program Files\eMule\Incoming\DVDFab serial keygen.zip
C:\Program Files\eMule\Incoming\Lotus Organizer v2.1 Win serial keygen.zip
Finished
VundoFix.txt:
Quote:
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Scan started at 18:16:19 13.5.2007
Listing files found while scanning....
C:\WINDOWS\system32\awtstqq.dll
C:\WINDOWS\system32\ddcabxx.dll
C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\ojqnjxfq.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtstqq.dll
C:\WINDOWS\system32\awtstqq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcabxx.dll
C:\WINDOWS\system32\ddcabxx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ojqnjxfq.dll
C:\WINDOWS\system32\ojqnjxfq.dll Has been deleted!
Performing Repairs to the registry.
Done!
Hjt:
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 18:27:22, on 13.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tonttu\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find.fm/?aid=53&sid=99
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find.fm/?aid=53&sid=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {129567FE-4912-4656-A424-B95E2AE10096} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: XBTB04482 - {26BAFB48-6120-4494-9988-F3A1090CC40B} - C:\PROGRA~1\FINDFM~1\toolbar.dll (file missing)
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {539825C7-49B2-404B-B930-058E06465B9D} - C:\WINDOWS\system32\gebyyxu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\sdnaanwa.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsuv.dll,startup
O4 - HKLM\..\RunServices: [NetBus Server Pro] C:\Program Files\NetBus Pro\NBSvr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://aquacamera.dyndns.org/RtspVaPgDec.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/Ap...ap/DigWXMSN.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebyyxu - C:\WINDOWS\SYSTEM32\gebyyxu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winexz32 - C:\WINDOWS\SYSTEM32\winexz32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Oh, and now Windows has started complaining that I may have received a counterfeit operating system. It complains about it constantly, and I'm not going to buy a new one. Can that be blocked somehow? At the same time this page also opens.
Auttaja
Suspended permanently
13 May 2007 @ 16:14
Oh damn, what a bug
===
Download RustBFix by ejvindh from either of the links and save it to your desktop:
rustbfix.exe
rustbfix.exe
Double-click the file rustbfix.exe. If a Rustock.b infection is found, you will soon be asked to restart the computer. The restart may take a while, and you may have to restart the computer a second time as well. All of this happens automatically. After the restart, two log files will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
Copy and paste these two log files into your next reply.
=======
- Double-click VundoFix.exe to run it.
- When VundoFix reopens, click the Scan for Vundo button.
- When the scan is complete, right-click inside the list box (the white box in which the found files are listed) and choose Add more files
- Copy and paste the following 2 lines into the two topmost boxes
C:\WINDOWS\system32\gebyyxu.dll
C:\WINDOWS\system32\uxyybeg.*
C:\WINDOWS\system32\sdnaanwa.dll
- Click Add Files and then click Close Window.
- Click the Remove Vundo button.
- You will get a message asking whether you want to remove the selected files; click YES.
- Once you click yes, your desktop will go blank as the tool starts removing Vundo.
- When done, you will get a message asking you to shut down the computer; click OK.
- Restart your computer.
- Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.
========
Download Killbox by Option^Explicit.
Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.
- Save it to your desktop.
- Double-click Killbox.exe to run the program.
- Select: Delete on Reboot, then click the All Files option.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click with the mouse and choose Copy):
C:\WINDOWS\SYSTEM32\WgaLogon.dll
C:\WINDOWS\SYSTEM32\WGAtray.exe
C:\WINDOWS\SYSTEM32\winexz32.dll
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let your fixer know if one of these appears!).
Restart your computer yourself if it does not do so automatically.
If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.
========
1. Download combofix.exe to your desktop from either of the links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
========
A new HJT log :)
This post has been edited since it was posted. Last edited 13 May 2007 @ 16:20
Junior Member
13 May 2007 @ 17:10
Quote, originally posted by Auttaja: Oh damn, what a bug
Whoa, what is it there in the logs? :/
Pelog.txt:
Quote: ************************* Rustock.b-fix -- By ejvindh *************************
su 13.05.2007 20:31:08,28
******************* Pre-run Status of system *******************
Rootkit driver PE386 is found. Starting the unload-procedure....
Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 71354
Total size: 71354 bytes.
Attempting to remove ADS...
system32: deleted 71354 bytes in 1 streams.
Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32
******************* Post-run Status of system *******************
Rustock.b-driver on the system: NONE!
Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.
Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32
******************************* End of Logfile ********************************
Avenger.txt:
Quote: Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\krluqicf
*******************
Script file located at: \??\C:\gtabfasf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
Vundofix.txt:
Quote:
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Scan started at 20:37:46 13.5.2007
Listing files found while scanning....
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\ddabb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddabb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebyyxu.dll
C:\WINDOWS\system32\gebyyxu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sdnaanwa.dll
C:\WINDOWS\system32\sdnaanwa.dll Has been deleted!
Performing Repairs to the registry.
Done!
Combofix.txt:
Quote: "Tonttu" - 2007-05-13 20:53:23 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Tonttu\Ty?p?yt?\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\gvlkbgme.dll
C:\WINDOWS\system32\rrrbcdxc.dll
C:\WINDOWS\system32\emgbklvg.ini
C:\WINDOWS\system32\cxdcbrrr.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))
2007-05-13 20:49 <KANSIO> d-------- C:\!KillBox
2007-05-13 20:36 <KANSIO> d-------- C:\avenger
2007-05-13 20:31 <KANSIO> d-------- C:\Rustbfix
2007-05-13 18:16 <KANSIO> d-------- C:\VundoFix Backups
2007-05-13 18:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-13 17:09 <KANSIO> d-------- C:\Program Files\RegistryCleaner
2007-05-13 14:49 614,191 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-05-12 22:14 40,960 --a------ C:\WINDOWS\system32\Fish Tycoon.scr
2007-05-12 22:14 <KANSIO> d-------- C:\Program Files\Fish Tycoon
2007-05-12 21:51 48,128 --a------ C:\xffjxlk.exe
2007-05-12 21:42 75,776 --a------ C:\rkekq.exe
2007-05-12 21:42 48,128 --a------ C:\lcdeljej.exe
2007-05-12 21:41 93,696 --a------ C:\WINDOWS\system32\drvsuv.dll
2007-05-12 21:24 <KANSIO> d-------- C:\Program Files\ReflexiveArcade
2007-05-12 14:07 <KANSIO> d-------- C:\CDALFA
2007-05-11 14:54 <KANSIO> d----c--- C:\DCdownloads
2007-05-09 15:25 <KANSIO> d-------- C:\DOCUME~1\Tonttu\APPLIC~1\BFGTOOLBAR
2007-05-06 19:43 <KANSIO> d-------- C:\Program Files\Dictionary
2007-04-23 17:54 <KANSIO> d-------- C:\Program Files\CDisplay
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-13 14:14:41 -------- d-----w C:\Program Files\RevConnect
2007-05-13 13:44:35 -------- d-----w C:\Program Files\Steam
2007-05-13 11:57:09 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-13 11:24:22 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-13 10:47:25 -------- d-----w C:\Program Files\Symantec
2007-05-13 08:57:40 -------- d-----w C:\Program Files\Save
2007-05-11 18:12:38 -------- d-----w C:\DOCUME~1\Tonttu\APPLIC~1\SmartFTP
2007-05-10 16:23:36 -------- d-----w C:\Program Files\mIRC
2007-05-10 13:48:04 -------- d-----w C:\Program Files\bfgtoolbar
2007-03-28 15:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 15:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-28 15:41:26 266,552 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 15:41:24 18,904 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 15:41:20 37,016 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 15:41:18 47,192 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 15:41:14 171,928 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 15:41:12 11,480 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-03-26 10:32:42 64,812 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-03-26 10:32:42 354,486 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-03-21 14:30:06 -------- d-----w C:\DOCUME~1\Tonttu\APPLIC~1\Screenshot Sender
2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-13 12:48:01 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-03-13 12:48:00 -------- d-----w C:\Program Files\MSN Messenger
2007-03-11 12:33:17 -------- d-----w C:\Program Files\Guitar Pro 5
2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:01 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]
{129567FE-4912-4656-A424-B95E2AE10096}=C:\WINDOWS\system32\mljji.dll []
{26BAFB48-6120-4494-9988-F3A1090CC40B}=C:\PROGRA~1\FINDFM~1\toolbar.dll []
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}=C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL [2007-05-09 15:25]
{539825C7-49B2-404B-B930-058E06465B9D}=C:\WINDOWS\system32\gebyyxu.dll []
{5F703219-B163-453C-AACE-2C897C5BE5FC}=C:\WINDOWS\system32\ddabb.dll []
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-01-10 12:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVCOMS.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"WpsRePsw"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\WpsRePsw.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" [])
"VTTimer"="VTTimer.exe" [2004-10-22 06:53 C:\WINDOWS\system32\VTTimer.exe])
"VTTrayp"="VTtrayp.exe" [2004-10-12 01:00 C:\WINDOWS\system32\VTTrayp.exe])
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-12-09 13:14]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-13 13:46]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 11:45]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47]
"nwiz"="nwiz.exe" [2005-11-11 14:47 C:\WINDOWS\system32\nwiz.exe])
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 14:47]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" []
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"WpsRePsw"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE" [2000-01-21 00:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2005-11-06 16:18]
"IECheck"="C:\WINDOWS\IECheck.exe" [2005-11-17 21:40]
"Steam"="" [])
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"IECheck"="C:\\WINDOWS\\IECheck.exe"
"Steam"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"NetBus Server Pro"="C:\\Program Files\\NetBus Pro\\NBSvr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{539825C7-49B2-404B-B930-058E06465B9D}"="C:\WINDOWS\system32\gebyyxu.dll" []
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winexz32
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Tonttu.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 21:02:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-13 21:04:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-13 21:04
hijackthis.log:
Quote: Logfile of HijackThis v1.99.1
Scan saved at 21:06:24, on 13.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tonttu\Työpöytä\HijackThis_v1.99.1.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find.fm/?aid=53&sid=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {129567FE-4912-4656-A424-B95E2AE10096} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: XBTB04482 - {26BAFB48-6120-4494-9988-F3A1090CC40B} - C:\PROGRA~1\FINDFM~1\toolbar.dll (file missing)
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {539825C7-49B2-404B-B930-058E06465B9D} - C:\WINDOWS\system32\gebyyxu.dll (file missing)
O2 - BHO: (no name) - {5F703219-B163-453C-AACE-2C897C5BE5FC} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\RunServices: [NetBus Server Pro] C:\Program Files\NetBus Pro\NBSvr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://aquacamera.dyndns.org/RtspVaPgDec.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/Ap...ap/DigWXMSN.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Big thanks again! :)
Auttaja
Suspended permanently
13 May 2007 @ 17:35
Save these instructions in a text file, because otherwise you will not be able to read them in Safe Mode.
=========
Open the Control Panel and, through Add/Remove Programs, remove the following programs if you can:
RegistryCleaner
NetBus Server Pro
==========
Open HijackThis, check the following line(s) and press Fix checked; close other programs in the meantime
R3 - URLSearchHook: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O2 - BHO: (no name) - {129567FE-4912-4656-A424-B95E2AE10096} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: XBTB04482 - {26BAFB48-6120-4494-9988-F3A1090CC40B} - C:\PROGRA~1\FINDFM~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {539825C7-49B2-404B-B930-058E06465B9D} - C:\WINDOWS\system32\gebyyxu.dll (file missing)
O2 - BHO: (no name) - {5F703219-B163-453C-AACE-2C897C5BE5FC} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\RunServices: [NetBus Server Pro] C:\Program Files\NetBus Pro\NBSvr.exe
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://aquacamera.dyndns.org/RtspVaPgDec.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
Here is a guide on how to check them:

==========
1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!
- Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
- After installation, the program must be started and its definitions updated.
2. Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update begins.
- Press "Start Update" again after a moment if the updates do not succeed right away.
- If the automatic update does not work for some reason, the definitions can be downloaded manually via the http://www.ewido.net/en/download/updates/ link.
- Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then choose the "Settings" tab.
- When the "Settings" menu has opened, click "Recommended actions" and then choose "Quarantine".
- Then under the "Reports" menu:
  - Tick "Automatically generate report after every scan"
  - Untick "Only if threats were found"
- Then click the "Shield" icon at the top of the window
- "Resident shield is": change the state from active to inactive
- Close the program; do NOT scan yet.
Start the computer in Safe Mode:
1. Restart the computer.
2. As the computer starts, press the F8 key.
3. Various startup options appear on the screen.
4. Use the arrow keys on the keyboard to select Safe Mode.
5. Press the ENTER key.
=========
Delete the following files and folders
C:\Program Files\RegistryCleaner
C:\WINDOWS\system32\RegistryCleanerSetup.exe
C:\xffjxlk.exe
C:\rkekq.exe
C:\lcdeljej.exe
C:\WINDOWS\system32\drvsuv.dll
C:\Program Files\Messenger Plus! Live
C:\Program Files\NetBus Pro\
C:\Program Files\FindFM Toolbar
NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
- Once in Safe Mode, start AVG Anti-Spyware.
- Click the "Scanner" icon at the top of the window and choose the "Scan" tab. Then click "Complete System Scan".
- AVG now starts scanning the computer; be patient, as the scan takes time.
When the scan is complete:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
- Make sure that Set all elements to: shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
- You will be asked what to do if infections were found; choose "Apply all actions" then
- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
- Close the program, start the computer normally, and post the AVG report in your thread.
==========
Open My Computer
-> Do the following for all Local Disks

==========
Download CCleaner and install it:
Open "Options", then "Language", and choose "Suomi (Finnish)"
Open the "Virheet" (errors) section, press "Etsi rekisterin virheitä" (find registry errors), then press "Korjaa valitut rekisterin virheet.." (fix the selected registry errors). Press "Kyllä" (yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (do you want to back up the changes to the registry), and save the file to, for example, the desktop.
Open "Puhdistaja" (cleaner), press "Tutki" (analyze) and after that "Aja Ccleaner" (run CCleaner). Clean temporary files and folders with the program regularly.
==========
If you do not have this Java version (6.1):
Updating Java and clearing the cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
They should have the following image next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation:
http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6u1
Press Download
Tick Accept, choose the offline installation, save it to, say, the desktop, and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button.
(Some Java-based programs may need more disk space.
If you notice slowness on the computer after lowering the setting, move the slider higher).
8. Make sure that both options are ticked:
*Applications and Applets
*Trace and Log Files
And press the OK button
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
==========
A new HijackThis log, and are there any problems?
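An added example, not part of the original posts: Python code that parses HijackThis lines, picks out the entries marked `(file missing)` or `(no file)` such as those in the "Fix checked" list above, and cross-checks each one against the log's own running-process list, which separates the orphaned BHO and Winlogon references from the Apache2.2 service line whose binary is in fact running. The function names, the verdict labels and the choice of excerpt from the thread's log are assumptions of this example.

```python
"""Triage HijackThis entries that carry a '(file missing)' / '(no file)' marker."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Excerpt of the HijackThis v1.99.1 log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
R3 - URLSearchHook: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {539825C7-49B2-404B-B930-058E06465B9D} - C:\WINDOWS\system32\gebyyxu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing)
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-rooted path up to the first .exe/.dll; stops before a stray quote or arguments.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)\b", re.IGNORECASE)


@dataclass
class Entry:
    code: str             # HijackThis section code, e.g. "O2" or "O23"
    section: str          # text before the first ": ", e.g. "BHO"
    body: str             # entry text with the missing-file marker stripped
    clsid: Optional[str]
    path: Optional[str]
    missing: bool         # True if HijackThis appended (file missing)/(no file)


def parse_hijackthis(text: str) -> Tuple[Set[str], List[Entry]]:
    """Return (lower-cased running process paths, parsed entries)."""
    running: Set[str] = set()
    entries: List[Entry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            body = m.group("body")
            missing = bool(MISSING_RE.search(body))
            body = MISSING_RE.sub("", body)
            section, sep, _ = body.partition(": ")
            clsid = CLSID_RE.search(body)
            path = PATH_RE.search(body)
            entries.append(Entry(
                code=m.group("code"),
                section=section if sep else "",
                body=body,
                clsid=clsid.group(0) if clsid else None,
                path=path.group(0) if path else None,
                missing=missing,
            ))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            running.add(line.lower())
    return running, entries


def triage_missing(text: str) -> List[Tuple[str, str, str]]:
    """Return (code, target, verdict) for every entry flagged as missing.

    "orphan": a leftover reference to a file that is gone.
    "verify": flagged missing, yet the same path is in the running-process
              list, so the flag needs a manual check before anything is fixed.
    """
    running, entries = parse_hijackthis(text)
    results = []
    for e in entries:
        if not e.missing:
            continue
        verdict = "verify" if e.path and e.path.lower() in running else "orphan"
        results.append((e.code, e.path or e.clsid or e.body, verdict))
    return results


if __name__ == "__main__":
    for code, target, verdict in triage_missing(SAMPLE_LOG):
        print(f"{verdict:7} {code:4} {target}")
```
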
Junior Member
14 May 2007 @ 14:14
AVG report:
Quote: ---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 16:18:20 14.5.2007
+ Scan result:
HKLM\SOFTWARE\Aureate -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Aureate\Advertising -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate\Advertising -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate\Advertising\Default Server -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate\Advertising\Servers -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate\Advertising\Servers\1 -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate\Advertising\Servers\2 -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate\Advertising\Servers\3 -> Adware.Aureate : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SOFTWARE\Aureate\Advertising\Servers\4 -> Adware.Aureate : Cleaned with backup (quarantined).
HKU\S-1-5-21-1614895754-299502267-682003330-1003\Software\Aureate -> Adware.Aureate : Cleaned with backup (quarantined).
HKU\S-1-5-21-1614895754-299502267-682003330-1003\Software\Aureate\Advertising -> Adware.Aureate : Cleaned with backup (quarantined).
HKU\S-1-5-21-1614895754-299502267-682003330-1003\Software\Aureate\Advertising\Cookies -> Adware.Aureate : Cleaned with backup (quarantined).
HKU\S-1-5-21-1614895754-299502267-682003330-1003\Software\Aureate\Advertising\Demographics -> Adware.Aureate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Documents and Settings\Tonttu\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Tonttu\Käynnistä-valikko\Ohjelmat\WhenU\Customer Support.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Tonttu\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Tonttu\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Tonttu\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Tonttu\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP289\A0128818.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP289\A0128823.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP299\A0129413.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP299\A0129417.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP307\A0129735.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP310\A0131835.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP310\A0131836.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP329\A0133167.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0135342.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136778.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0135345.exe/crack.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0135363.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/win1E.tmp.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/win4D.tmp.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136430.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136434.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\WINDOWS\smanager.7.exe~ -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/ngfjya.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/obupywy.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136412.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136413.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136424.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136425.exe -> Downloader.Small.cwj : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/tcpipmon.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136415.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136427.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136797.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136799.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136798.exe -> Hijacker.Costrat.ak : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/rpcc.exe -> Proxy.Dlena.ad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136414.exe -> Proxy.Dlena.ad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136426.exe -> Proxy.Dlena.ad : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.129:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.85:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.89:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.90:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.92:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Tonttu\Cookies\tonttu@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.14:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.20:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Tonttu\Cookies\tonttu@statistik-gallup[2].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.399:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.400:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.401:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.402:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.562:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.133:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.134:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.135:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.136:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.137:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.138:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.6:C:\Documents and Settings\Tonttu\Application Data\MozillaControl\profiles\MozillaControl\j6pf0zq4.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.7:C:\Documents and Settings\Tonttu\Application Data\MozillaControl\profiles\MozillaControl\j6pf0zq4.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Tonttu\Cookies\tonttu@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.292:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.740:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.741:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.233:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Tonttu\Cookies\tonttu@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.35:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.39:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.40:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Tonttu\Cookies\tonttu@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.308:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.309:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.310:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.311:C:\Documents and Settings\Tonttu\Application Data\Mozilla\Firefox\Profiles\4t7p6ezz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Tonttu\Cookies\tonttu@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Tonttu\Cookies\tonttu@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\!KillBox\winexz32.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/win1C.tmp.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/win22.tmp.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/win27.tmp.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136429.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136432.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136433.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136528.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0136800.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\Documents and Settings\Tonttu\Työpöytä\Räpellykset\KännyCD\Cell Phone Stuff\Misc\mobimb_internet_patch.rar/patch.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11D2D7AC-0ECB-415B-A154-CA6D4AEE6C67}\RP331\A0135345.exe/keygen.exe -> Trojan.Inject.bs : Cleaned with backup (quarantined).
::Report end
HJT log:
Quote: Logfile of HijackThis v1.99.1
Scan saved at 18:10:30, on 14.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tonttu\Työpöytä\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find.fm/?aid=53&sid=99
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IECheck] C:\WINDOWS\IECheck.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/Ap...ap/DigWXMSN.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
So far at least, no extra programs have been popping up. :) Thanks a lot!

Auttaja
Suspended permanently
14 May 2007 @ 16:14
Delete these folders
C:\Documents and Settings\Tonttu\Käynnistä-valikko\Ohjelmat\WhenU\
C:\Program Files\Save\
C:\SDFix\backups\
========
Let's check once more with this:
Scan your computer with F-Secure's online scanner
Note: the scanner works only in the Internet Explorer browser
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install (Asenna)
* Click Accept
* Click Custom Scan
* Set the options as follows
o Under "Virus Scan Option" select Scan whole system
o Under "Other Scan Option" select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread

Junior Member
15 May 2007 @ 15:53
The first two folders didn't exist... not even as hidden ones.
Here is the report:
Quote: Scanning Report
Tuesday, May 15, 2007 16:46:08 - 19:48:35
Computer name: TONI
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ E:\
Result: 22 malware found
Backdoor.Win32.Netbus.20.d (virus)
* C:\Program Files\Norton AntiVirus\Quarantine\148E754C.exe (Renamed & Submitted)
Possible Browser Hijack attempt (spyware)
* System (Disinfected)
Softomate Toolbar (spyware)
* System (Disinfected)
Tracking Cookie (spyware)
* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
Trojan-Downloader.Win32.Agent.acd (virus)
* C:\Program Files\Norton AntiVirus\Quarantine\411A1E3F.wmf (Renamed & Submitted)
Trojan-Spy.Win32.VBStat.h (virus)
* C:\VundoFix Backups\ojqnjxfq.dll.bad (Renamed & Submitted)
Vundo.gen21 (virus)
* C:\VundoFix Backups\awtstqq.dll.bad (Submitted)
* C:\VundoFix Backups\ddcabxx.dll.bad (Submitted)
WhenU.SaveNow (spyware)
* System (Disinfected)
Statistics
Scanned:
* Files: 360674
* System: 5109
* Not scanned: 155
Actions:
* Disinfected: 4
* Renamed: 3
* Deleted: 0
* None: 15
* Submitted: 5
Files not scanned:
Options
Scanning engines:
* F-Secure AVP: 7.0.171, 2007-05-15
* F-Secure Blacklight: 1.0.53
* F-Secure Draco: 1.0.35, 2007-05-07
* F-Secure Libra: 2.4.2, 2007-05-11
* F-Secure Orion: 1.2.37, 2007-05-15
* F-Secure Pegasus: 1.19.0, 2007-04-14
Scanning options:
* Scan all files
* Scan inside archives
* Use Advanced heuristics

Auttaja
Suspended permanently
15 May 2007 @ 16:39
Stay clean
-> Clear System Restore -> Instructions
Empty the System Restore folder and create a new restore point. This cleans any possible malware remnants out of the restore folder.
-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean out temporary files and folders with it regularly.
-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing itself on your computer. Uses no memory!
Guide available in Finnish! Guide by user Ad-Aware
-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to malicious sites.
Guide available in Finnish! Guide by user Axel
-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.
-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.
-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your computer with it regularly.
and escan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm
-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, whereas a thorough one (thorough system inspection) can take several minutes.
-> Regularly follow the Finnish Communications Regulatory Authority's information about new vulnerabilities -> CERT-FI

Junior Member
15 May 2007 @ 17:10
Thanks a lot! I already have some of those; the rest I'll have to install.
Thanks for the help :)